[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster LEGACY-MISC-1999-B - 67 candidates

I am proposing cluster LEGACY-MISC-1999-B for review and voting by the
Editorial Board.

Name: LEGACY-MISC-1999-B
Description: Legacy candidates announced between 5/1/1999 and 8/31/1999
Size: 67

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398713491&w=2
Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398513475&w=2
Reference: BID:495
Reference: URL:http://www.securityfocus.com/bid/495

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a
directory tree with insecure permissions, which allows local users to
replace a privileged executable (processd) with a Trojan horse,
facilitating a root or Administrator compromise.

Analysis
----------------
ED_PRI CAN-1999-1019 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1156
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R2698
Reference: XF:bisonware-port-crash(2254)
Reference: URL:http://xforce.iss.net/static/2254.php

BisonWare FTP Server 4.1 and earlier allows remote attackers to cause
a denial of service via a malformed PORT command that contains a
non-numeric character and a large number of carriage returns.

Analysis
----------------
ED_PRI CAN-1999-1156 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93458364903256&w=2
Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93492615408725&w=2

3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows
remote attackers to cause a denial of service (reboot) via a flood of
IAC packets to the telnet port.

Analysis
----------------
ED_PRI CAN-1999-1336 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1337
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93370073207984&w=2

FTP client in Midnight Commander (mc) before 4.5.11 stores usernames
and passwords for visited sites in plaintext in the world-readable
history file, which allows other local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1337 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1354
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1354
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990830 SoftArc's FirstClass E-mail Client
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93637687305327&w=2
Reference: NTBUGTRAQ:19990909 SoftArc's FirstClass E-mail Client
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93698283309513&w=2

E-mail client in Softarc FirstClass Internet Server 5.506 and earlier
stores usernames and passwords in cleartext in the files (1) home.fc
for version 5.506, (2) network.fc for version 3.5, or (3) FCCLIENT.LOG
when logging is enabled.

Analysis
----------------
ED_PRI CAN-1999-1354 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1414
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92765856706547&w=2
Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92902484317769&w=2
Reference: BID:284
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=284

IBM Netfinity Remote Control allows local users to gain administrator
privileges by starting programs from the process manager, which runs
with system level privileges.

Analysis
----------------
ED_PRI CAN-1999-1414 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1478
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1478
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827429589&w=2
Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93240220324183&w=2
Reference: BID:522
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=522
Reference: XF:sun-hotspot-vm(2348)
Reference: URL:http://xforce.iss.net/static/2348.php

The Sun HotSpot Performance Engine VM allows a remote attacker to
cause a denial of service on any server running HotSpot via a URL that
includes the [ character.

Analysis
----------------
ED_PRI CAN-1999-1478 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1490
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926021&w=2
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926034&w=2
Reference: BID:362
Reference: URL:http://www.securityfocus.com/bid/362

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access
via a long HOME environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1490 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1535
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1535
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93256878011447&w=2
Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93501427820328&w=2
Reference: BID:592
Reference: URL:http://www.securityfocus.com/bid/592
Reference: XF:http-aspupload-bo(3291)
Reference: URL:http://xforce.iss.net/static/3291.php

Buffer overflow in AspUpload.dll in Persits Software AspUpload before
1.4.0.2 allows remote attackers to cause a denial of service, and
possibly execute arbitrary commands, via a long argument in the HTTP
request.

Analysis
----------------
ED_PRI CAN-1999-1535 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1560
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1560
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990720 tiger vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93252050203589&w=2
Reference: XF:tiger-script-execute(2369)
Reference: URL:http://xforce.iss.net/static/2369.php

Vulnerability in a script in Texas A&M University (TAMU) Tiger allows
local users to execute arbitrary commands as the Tiger user, usually
root.

Analysis
----------------
ED_PRI CAN-1999-1560 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1565
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch
Reference: URL:http://www.securityfocus.com/archive/1/24784

Man2html 2.1 and earlier allows local users to overwrite arbitrary
files via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1565 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990504 AS/400
Reference: URL:http://www.securityfocus.com/archive/1/13527
Reference: BID:173
Reference: URL:http://www.securityfocus.com/bid/173

SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other
operating systems, allows a remote attacker to crash the mail server
via a long string.

Analysis
----------------
ED_PRI CAN-1999-1012 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990827 HTML code to crash IE5 and Outlook Express 5
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93578772920970&w=2
Reference: BID:606
Reference: URL:http://www.securityfocus.com/bid/606

Microsoft HTML control as used in (1) Internet Explorer 5.0, (2)
FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly
others, allows remote malicious web site or HTML emails to cause a
denial of service (100% CPU consumption) via large HTML form fields
such as text inputs in a table cell

Analysis
----------------
ED_PRI CAN-1999-1016 3
Vendor Acknowledgement:
Content Decisions: EX-CLIENT-DOS, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990728 Seattle Labs EMURL Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93316253431588&w=2
Reference: BID:544
Reference: URL:http://www.securityfocus.com/bid/544

Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail
attachments in a specific directory with scripting enabled, which
allows a malicious ASP file attachment to execute when the recipient
opens the message.

Analysis
----------------
ED_PRI CAN-1999-1017 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990727 Linux 2.2.10 ipchains Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93312523904591&w=2
Reference: BID:543
Reference: URL:http://www.securityfocus.com/bid/543

IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP
fragments before checking the header information, which allows a
remote attacker to bypass the filtering rules using several fragments
with 0 offsets.

Analysis
----------------
ED_PRI CAN-1999-1018 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990610 Sun Useradd program expiration date bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92904175406756&w=2
Reference: BID:426
Reference: URL:http://www.securityfocus.com/bid/426

useradd in Solaris 7.0 does not properly interpret certain date
formats as specified in the "-e" (expiration date) argument, which
could allow users to login after their accounts have expired.

Analysis
----------------
ED_PRI CAN-1999-1023 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990616 tcpdump 3.4  bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92955903802773&w=2
Reference: BUGTRAQ:19990617 Re: tcpdump 3.4 bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92963447601748&w=2
Reference: BUGTRAQ:19990620 Re: tcpdump 3.4 bug? (final)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92989907627051&w=2
Reference: BID:313
Reference: URL:http://www.securityfocus.com/bid/313

ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a
denial of service via a packet with a zero length header, which causes
an infinite loop and core dump when tcpdump prints the packet.

Analysis
----------------
ED_PRI CAN-1999-1024 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

CAN-2000-0333 and this candidate appear to be two different bugs in
different places in tcpdump.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92807524225090&w=2
Reference: BID:288
Reference: URL:http://www.securityfocus.com/bid/288

Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of
service (CPU utilization) via a large amount of data to port 5631.

Analysis
----------------
ED_PRI CAN-1999-1028 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990513 - J.J.F. / Hackers Team warns for SSHD 2.x brute force password hacking
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92663402004280&w=2
Reference: BID:277
Reference: URL:http://www.securityfocus.com/bid/277
Reference: XF:ssh2-bruteforce(2193)
Reference: URL:http://xforce.iss.net/static/2193.php

SSH server (sshd2) before 2.0.12 does not properly record login
attempts if the connection is closed before the maximum number of
tries, allowing a remote attacker to guess the password without
showing up in the audit logs.

Analysis
----------------
ED_PRI CAN-1999-1029 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92713790426690&w=2
Reference: NTBUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92707671717292&w=2
Reference: BID:267
Reference: URL:http://www.securityfocus.com/bid/267

counter.exe 2.70 allows a remote attacker to cause a denial of
service (hang) via an HTTP request that ends in %0A (newline), which
causes a malformed entry in the counter log that produces an access
violation.

Analysis
----------------
ED_PRI CAN-1999-1030 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION:
It is possible that the %0A and "long string" DoSes are both related
to a single problem (perhaps they both produce a malformed log file,
which counter.exe can't process?)  However, the nature of the exploits
seem to indicate different underlying problems, thus CD:SF-LOC
suggests separating them into separate entries.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92713790426690&w=2
Reference: NTBUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92707671717292&w=2
Reference: BID:267
Reference: URL:http://www.securityfocus.com/bid/267

counter.exe 2.70 allows a remote attacker to cause a denial of service
(hang) via a long argument.

Analysis
----------------
ED_PRI CAN-1999-1031 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION:
It is possible that the %0A and "long string" DoSes are both related
to a single problem (perhaps they both produce a malformed log file,
which counter.exe can't process?)  However, the nature of the exploits
seem to indicate different underlying problems, thus CD:SF-LOC
suggests separating them into separate entries.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990511 Outlook Express Win98 bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407427342&w=2
Reference: BUGTRAQ:19990512 Outlook Express Win98 bug, addition.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92663402004275&w=2
Reference: BID:252
Reference: URL:http://www.securityfocus.com/bid/252

Microsoft Outlook Express before 4.72.3612.1700 allows a malicious
user to send a message that contains a .., which can inadvertently
cause Outlook to re-enter POP3 command mode and cause the POP3 session
to hang.

Analysis
----------------
ED_PRI CAN-1999-1033 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990824 Front Page form_results
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93582550911564&w=2

Microsoft FrontPage stores form results in a default location in
/_private/form_results.txt, which is world-readable and accessible in
the document root, which allows remote attackers to read possibly
sensitive information submitted by other users.

Analysis
----------------
ED_PRI CAN-1999-1052 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990601 whois_raw.cgi problem
Reference: URL:http://www.securityfocus.com/archive/1/14019
Reference: BID:304
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=304
Reference: XF:http-cgi-cdomain(2251)
Reference: URL:http://xforce.iss.net/static/2251.php

CDomain whois_raw.cgi whois CGI script allows remote attackers to
execute arbitrary commands via shell metacharacters in the fqdn
parameter.

Analysis
----------------
ED_PRI CAN-1999-1063 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990822
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93555317429630&w=2
Reference: BUGTRAQ:19990824 Re: WindowMaker bugs (was sub:none )
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93582070508957&w=2
Reference: BID:596
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=596

Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow
attackers to cause a denial of service and possibly execute arbitrary
commands by executing WindowMaker with a long program name (argv[0]).

Analysis
----------------
ED_PRI CAN-1999-1064 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990729 WS_FTP Pro 6.0 Weak Password Encryption Vulnerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9907&L=ntbugtraq&D=0&P=10370&F=P
Reference: BID:547
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=547

WS_FTP Pro 6.0 uses weak encryption for passwords in its
initialization files, which allows remote attackers to easily decrypt
the passwords and gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1078 3
Vendor Acknowledgement:

The disclosers refer to a Bugtraq post from 1997 which they say is an
earlier version of a decryption program, but is it really the same
algorithm and program that's affected? BUGTRAQ:19970811 Program To
decrypt password in ws_ftp.ini

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92633694100270&w=2
Reference: BUGTRAQ:19991011
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93971288323395&w=2
Reference: BID:250
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=250

rmmount in SunOS 5.7 may mount file systems without the nosuid flag
set, contrary to the documentation and its use in previous versions of
SunOS, which could allow local users with physical access to gain root
privileges by mounting a floppy or CD-ROM that contains a setuid
program and running volcheck, when the file systems do not have the
nosuid option specified in rmmount.conf.

Analysis
----------------
ED_PRI CAN-1999-1080 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990715 NMRC Advisory: Netware 5 Client Hijacking
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93214475111651&w=2
Reference: BID:528
Reference: URL:http://www.securityfocus.com/bid/528

Novell 5 and earlier, when running over IPX with a packet signature
level less than 3, allows remote attackers to gain administrator
privileges by spoofing the MAC address in IPC fragmented packets that
make NetWare Core Protocol (NCP) calls.

Analysis
----------------
ED_PRI CAN-1999-1086 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990504 Microsoft Netmeeting Hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92586457816446&w=2
Reference: XF:netmeeting-clipboard(2187)
Reference: URL:http://xforce.iss.net/static/2187.php

Microsoft NetMeeting 2.1 allows one client to read the contents of
another client's clipboard via a CTRL-C in the chat box when the box
is empty.

Analysis
----------------
ED_PRI CAN-1999-1097 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990730 Netscape Enterprise Server yeilds source of JHTML
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93346448121208&w=2
Reference: NTBUGTRAQ:19990730 Netscape Enterprise Server yeilds source of JHTML
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93337389603117&w=2
Reference: BID:559
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=559

Default configuration of the search engine in Netscape Enterprise
Server 3.5.1, and possibly other versions, allows remote attackers to
read the source of JHTML files by specifying a search command using
the HTML-tocrec-demo1.pat pattern file.

Analysis
----------------
ED_PRI CAN-1999-1130 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990625 Outlook denial of service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93041631215856&w=2

Microsoft Outlook client allows remote attackers to cause a denial of
service by sending multiple email messages with the same X-UIDL
headers, which causes Outlook to hang.

Analysis
----------------
ED_PRI CAN-1999-1164 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990711 Linux 2.0.37 segment limit bug
Reference: URL:http://www.securityfocus.com/archive/1/18156
Reference: BID:523
Reference: URL:http://www.securityfocus.com/bid/523

Linux 2.0.37 does not properly encode the Custom segment limit, which
allows local users to gain root privileges by accessing and modifying
kernel memory.

Analysis
----------------
ED_PRI CAN-1999-1166 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1195
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990505 NAI AntiVirus Update Problem
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92587579032534&w=2
Reference: BUGTRAQ:19990505 NAI AntiVirus Update Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92588169005196&w=2
Reference: BID:169
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=169

NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus
definition file during an update via FTP, but it reports that the
update was successful, which could cause a system administrator to
believe that the definitions have been updated correctly.

Analysis
----------------
ED_PRI CAN-1999-1195 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1227
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.ethereal.com/lists/ethereal-dev/199907/msg00126.html
Reference: MISC:http://www.ethereal.com/lists/ethereal-dev/199907/msg00130.html
Reference: XF:ethereal-dev-capturec-root(3334)
Reference: URL:http://xforce.iss.net/static/3334.php

Ethereal allows local users to overwrite arbitrary files via a symlink
attack on the packet capture file.

Analysis
----------------
ED_PRI CAN-1999-1227 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1231
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1231
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990609 ssh advirsory
Reference: URL:http://www.securityfocus.com/archive/1/14758
Reference: XF:ssh-leak(2276)
Reference: URL:http://xforce.iss.net/static/2276.php

ssh 2.0.12, and possibly other versions, allows valid user names to
attempt to enter the correct password multiple times, but only prompts
an invalid user name for a password once, which allows remote
attackers to determine user account names on the server.

Analysis
----------------
ED_PRI CAN-1999-1231 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990606 Buffer overflows in smbval library
Reference: URL:http://www.securityfocus.com/archive/1/14384
Reference: XF:smbvalid-bo(2272)
Reference: URL:http://xforce.iss.net/static/2272.php

Multiple buffer overflows in smbvalid/smbval SMB authentication
library, as used in Apache::AuthenSmb and possibly other modules,
allows remote attackers to execute arbitrary commands via (1) a long
username, (2) a long password, and (3) other unspecified methods.

Analysis
----------------
ED_PRI CAN-1999-1237 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1241
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/NT/activex4.html
Reference: XF:ie-filesystemobject(2173)
Reference: URL:http://xforce.iss.net/static/2173.php

Internet Explorer, with a security setting below Medium, allows remote
attackers to execute arbitrary commands via a malicious web page that
uses the FileSystemObject ActiveX object.

Analysis
----------------
ED_PRI CAN-1999-1241 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1338
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990721 Delegate creates directories writable for anyone
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93259112204664&w=2

Delegate proxy 5.9.3 and earlier creates files and directories in the
DGROOT with world-writable permissions.

Analysis
----------------
ED_PRI CAN-1999-1338 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

The patch indicates multiple lines in the source code in which the bad
permissions are set, e.g. via various mkdir() calls. CD:SF-LOC
suggests combining all of them into a single entry since the problems
are of the same type.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1348
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990630 linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93220073515880&w=2

Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable
PAM-based access to the shutdown command, which could allow local
users to cause a denial of service.

Analysis
----------------
ED_PRI CAN-1999-1348 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1365
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2
Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc...
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2

Windows NT searches a user's home directory (%systemroot% by default)
before other directories to find critical programs such as
NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could
allow local users to bypass access restrictions or gain privileges by
placing a Trojan horse program into the root directory, which is
writable by default.

Analysis
----------------
ED_PRI CAN-1999-1365 3
Vendor Acknowledgement:

The %systemroot% being writable by users is contrary to Microsoft
recommended configuration. So, is this just one implication of a bad
configuration problem?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1366
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990515 Pegasus Mail weak encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92714118829880&w=2

Pegasus e-mail client 3.0 and earlier uses weak encryption to store
POP3 passwords in the pmail.ini file, which allows local users to
easily decrypt the passwords and read e-mail.

Analysis
----------------
ED_PRI CAN-1999-1366 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1367
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.pcworld.com/news/article/0,aid,10842,00.asp

Internet Explorer 5.0 does not properly reset the username/password
cache for Web sites that do not use standard cache controls, which
could allow users on the same system to access restricted web sites
that were visited by other users.

Analysis
----------------
ED_PRI CAN-1999-1367 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1368
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990512 InoculateIT 4.53 Real-Time Exchange Scanner Flawed
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92652152723629&w=2
Reference: NTBUGTRAQ:20001116 InoculateIT AV Option for MS Exchange Server
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=97439568517355&w=2

AV Option for MS Exchange Server option for InoculateIT 4.53, and
possibly other versions, only scans the Inbox folder tree of a
Microsoft Exchange server, which could allow viruses to escape
detection if a user's rules cause the message to be moved to a
different mailbox.

Analysis
----------------
ED_PRI CAN-1999-1368 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1378
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990917 improper chroot in dbmlparser.exe
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93250710625956&w=2

dbmlparser.exe CGI guestbook program does not perform a chroot
operation properly, which allows remote attackers to read arbitrary
files.

Analysis
----------------
ED_PRI CAN-1999-1378 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1393
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://freaky.staticusers.net/macsec/data/powerbooksecurity-data.html
Reference: BID:532
Reference: URL:http://www.securityfocus.com/bid/532

Control Panel "Password Security" option for Apple Powerbooks allows
attackers with physical access to the machine to bypass the security
by booting it with an emergency startup disk and using a disk editor
to modify the on/off toggle or password in the aaaaaaaAPWD file, which
is normally inaccessible.

Analysis
----------------
ED_PRI CAN-1999-1393 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1394
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990702 BSD-fileflags
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93094058620450&w=2
Reference: BID:510
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=510

BSD 4.4 based operating systems, when running at security level 1,
allow the root user to clear the immutable and append-only flags for
files by unmounting the file system and using a file system editor
such as fsdb to directly modify the file through a device.

Analysis
----------------
ED_PRI CAN-1999-1394 3
Vendor Acknowledgement:

A followup by Darren Reed indicates that this problem may be a lack of
clear documentation on the particular security settings.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1400
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990603 Huge Exploit in NT 4.0 SP5 Screensaver with Password Protection Enabled
Reference: URL:http://archives.indenial.com/hypermail/ntbugtraq/1999/June1999/0007.html
Reference: NTBUGTRAQ:19990603 Re: Huge Exploit in NT 4.0 SP5 Screensaver with Password Protecti on Enabled.
Reference: URL:http://archives.indenial.com/hypermail/ntbugtraq/1999/June1999/0009.html
Reference: NTBUGTRAQ:19990604 Official response from The Economist re: 1999 Screen Saver
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92851653600852&w=2
Reference: BID:466
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=466

The Economist screen saver 1999 with the "Password Protected" option
enabled allows users with physical access to the machine to bypass the
screen saver and read files by running Internet Explorer while the
screen is still locked.

Analysis
----------------
ED_PRI CAN-1999-1400 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1412
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1412
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990603 MacOS X system panic with CGI
Reference: URL:http://www.securityfocus.com/archive/1/14215
Reference: BID:306
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=306

A possible interaction between Apple MacOS X release 1.0 and Apache
HTTP server allows remote attackers to cause a denial of service
(crash) via a flood of HTTP GET requests to CGI programs, which
generates a large number of processes.

Analysis
----------------
ED_PRI CAN-1999-1412 3
Vendor Acknowledgement:

ABSTRACTION:
The problem may be endemic to MacOS X and as such may not be related
to Apache at all. Other descriptions of this problem may not include
Apache at all.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1418
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1418
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990501 Update: security hole in the ICQ-Webserver
Reference: URL:http://www.securityfocus.com/archive/1/13508
Reference: BID:246
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=246

ICQ99 ICQ web server build 1701 with "Active Homepage" enabled
generates allows remote attackers to determine the existence of files
on the server by comparing server responses when a file exists ("404
Forbidden") versus when a file does not exist ("404 not found").

Analysis
----------------
ED_PRI CAN-1999-1418 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1444
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1444
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://catless.ncl.ac.uk/Risks/20.41.html#subj4

genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent
of 1, which results in transactions that are sent in cleartext.

Analysis
----------------
ED_PRI CAN-1999-1444 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1460
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1460
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990713 Root Perms Gained with Patrol SNMP Agent 3.2 (all others?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93198293132463&w=2
Reference: BUGTRAQ:19990801 Re: Root Perms Gained with Patrol SNMP Agent 3.2 (all others?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93372579004129&w=2
Reference: BID:525
Reference: URL:http://www.securityfocus.com/bid/525

BMC PATROL SNMP Agent before 3.2.07 allows local users to create
arbitrary world-writeable files as root by specifying the target file
as the second argument to the snmpmagt program.

Analysis
----------------
ED_PRI CAN-1999-1460 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1470
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1470
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990624 Eastman Software Work Management 3.21
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93034788412494&w=2
Reference: XF:eastman-cleartext-passwords(2303)
Reference: URL:http://xforce.iss.net/static/2303.php
Reference: BID:485
Reference: URL:http://www.securityfocus.com/bid/485

Eastman Work Management 3.21 stores passwords in cleartext in the
COMMON and LOCATOR registry keys, which could allow local users to
gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1470 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1485
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990531 IRIX 6.5 nsd virtual filesystem vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/13999
Reference: XF:sgi-nsd-view(2246)
Reference: URL:http://xforce.iss.net/static/2246.php
Reference: XF:sgi-nsd-create(2247)
Reference: URL:http://xforce.iss.net/static/2247.php
Reference: BID:412
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=412

nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP
port, which allows remote attackers to view files and cause a possible
denial of service by mounting the nsd virtual file system.

Analysis
----------------
ED_PRI CAN-1999-1485 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1496
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990608 unneeded information in sudo
Reference: URL:http://www.securityfocus.com/archive/1/14665
Reference: BID:321
Reference: URL:http://www.securityfocus.com/bid/321
Reference: XF:sudo-file-exists(2277)
Reference: URL:http://xforce.iss.net/static/2277.php

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to
determine the existence of arbitrary files by attempting to execute
the target filename as a program, which generates a different error
message when the file does not exist.

Analysis
----------------
ED_PRI CAN-1999-1496 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1510
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1510
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92697301706956&w=2
Reference: XF:bisonware-command-bo(3234)
Reference: URL:http://xforce.iss.net/static/3234.php

Buffer overflows in Bisonware FTP server prior to 4.1 allow remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via long (1) USER, (2) LIST, or (3) CWD commands.

Analysis
----------------
ED_PRI CAN-1999-1510 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Russ Cooper, NTBugraq Editor, emailed a copy of Arne Vidstrom's
observations to BisonWare. Nick Barnes of BisonWare replied with an
answer to each of Vidstrom's questions. Russ summarized the exchange.
Nick Barnes acknowledged a fix in version 4.1 for all buffer overflows
in commands taking arguments. -- Pease

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1513
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990830 One more 3Com SNMP vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93616983223090&w=2

Management information base (MIB) for a 3Com SuperStack II hub running
software version 2.10 contains an object identifier
(.1.3.6.1.4.1.43.10.4.2) that is accessible by a read-only community
string, but lists the entire table of community strings, which could
allow attackers to conduct unauthorized activities.

Analysis
----------------
ED_PRI CAN-1999-1513 3
Vendor Acknowledgement: no

I believe this to be something more than a default or weak password
problem. If I recall correctly from some work I did a few years ago
requiring me to read some MIB specifications, I found MIBs defining a
password object as a write only object so that no one could read it.
3Com may not have done this for their enterprise MIB. Compromising the
read-write community string allows an attacker to modify router or
switch configuration information which is very serious. In this
instance the attacker would be using a default community string or one
known to the attacker to access the read-write string. I have
classified this as a software problem, since one bugtraq message in
the thread mentions it was fixed by version 2.12.
-- Pease

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1514
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990729 ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94130292519646&w=2
Reference: BUGTRAQ:19990729 ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94121377716133&w=2
Reference: BID:749
Reference: URL:http://www.securityfocus.com/bid/749
Reference: XF:expressfs-command-bo(3401)
Reference: URL:http://xforce.iss.net/static/3401.php

Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via a long USER command.

Analysis
----------------
ED_PRI CAN-1999-1514 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1515
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1515
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BID:613
Reference: URL:http://www.securityfocus.com/bid/613
Reference: XF:tfs-gateway-dos(3290)
Reference: URL:http://xforce.iss.net/static/3290.php

A non-default configuration in TenFour TFS Gateway 4.0 allows an
attacker to cause a denial of service via messages with incorrect
sender and recipient addresses, which causes the gateway to
continuously try to return the message every 10 seconds.

Analysis
----------------
ED_PRI CAN-1999-1515 3
Vendor Acknowledgement: unknown
Content Decisions: CF

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1518
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990715 Shared memory DoS's
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93207728118694&w=2
Reference: BID:526
Reference: URL:http://www.securityfocus.com/bid/526
Reference: XF:bsd-shared-memory-dos(2351)
Reference: URL:http://xforce.iss.net/static/2351.php

Operating systems with shared memory implementations based on BSD 4.4
code allow a user to conduct a denial of service and bypass memory
limits (e.g., as specified with rlimits) using mmap or shmget to
allocate memory and cause page faults.

Analysis
----------------
ED_PRI CAN-1999-1518 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Exploit code is included in the BugTraq post entitled "Shared memory DoS's" dated July 15, 1999 posted by Mike Perry at this URL: http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990715003612.A18130@mikepery.linuxos.org
 --Pease

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1520
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2
Reference: BID:256
Reference: URL:http://www.securityfocus.com/bid/256
Reference: XF:siteserver-site-csc(2270)
Reference: URL:http://xforce.iss.net/static/2270.php

In Microsoft Site Server 3.0 a configuration problem exists in the Ad
Server Sample directory (AdSamples) allowing an attacker to retrieve
SITE.CSC, exposing sensitive SQL database information.

Analysis
----------------
ED_PRI CAN-1999-1520 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1524
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990807 Re: FlowPoint DSL router vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93424680430460&w=2

FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote
attacker to exploit a password recovery feature from the network and
conduct brute force password guessing, instead of limiting the feature
to the serial console port.

Analysis
----------------
ED_PRI CAN-1999-1524 3
Vendor Acknowledgement: unknown vague advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1536
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1536
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990730 World writable root owned script in SalesBuilder (RedHat 6.0)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93347785827287&w=2
Reference: BID:560
Reference: URL:http://www.securityfocus.com/bid/560

.sbstart startup script in AcuShop Salesbuilder is world writable,
which allows local users to gain privileges by appending commands to
the file.

Analysis
----------------
ED_PRI CAN-1999-1536 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1537
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990707 SSL and IIS.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2
Reference: BID:521
Reference: URL:http://www.securityfocus.com/bid/521
Reference: XF:ssl-iis-dos(2352)
Reference: URL:http://xforce.iss.net/static/2352.php

IIS 3.x and 4.x does not distinguish between pages requiring
encryption and those that do not, which allows remote attackers to
cause a denial of service (resource exhaustion) via SSL requests to
the HTTPS port for normally unencrypted files, which will cause IIS
to perform extra work to send the files over SSL.

Analysis
----------------
ED_PRI CAN-1999-1537 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1543
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990710 MacOS system encryption algorithm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93188174906513&w=2
Reference: BUGTRAQ:19990914 MacOS system encryption algorithm 3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93736667813924&w=2
Reference: BID:519
Reference: URL:http://www.securityfocus.com/bid/519

MacOS uses weak encryption for passwords that are stored in the Users
& Groups Data File.

Analysis
----------------
ED_PRI CAN-1999-1543 3
Vendor Acknowledgement: unknown
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1545
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1545
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990714
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93216103027827&w=2
Reference: BUGTRAQ:19990717 joe 2.8 makes world-readable DEADJOE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93226771401036&w=2

Joe's Own Editor (joe) 2.8 sets the world-readable permission on its
crash-save file, DEADJOE, which could allow local users to read files
that were being edited by other users.

Analysis
----------------
ED_PRI CAN-1999-1545 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1561
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1561
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990820 Winamp SHOUTcast server: Gain Administrator Password
Reference: URL:http://www.securityfocus.com/archive/1/24852

Nullsoft SHOUTcast server stores the administrative password in
plaintext in a configuration file (sc_serv.conf), which could allow a
local user to gain administrative privileges on the server.

Analysis
----------------
ED_PRI CAN-1999-1561 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1566
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1566
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990508 iParty Daemon Vulnerability w/ Exploit Code (worse than thought?)
Reference: URL:http://www.securityfocus.com/archive/1/13600

Buffer overflow in iParty server 1.2 and earlier allows remote
attackers to cause a denial of service (crash) by connecting to
default port 6004 and sending repeated extended characters.

Analysis
----------------
ED_PRI CAN-1999-1566 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007